INFSA-2025:8432: perl-CPAN security update
Information about definition
Identificator: INFSA-2025:8432
Type: security
Release date: 2025-07-07 11:22:46 UTC
Information about package
The CPAN module is a tool to query, download and build perl modules from CPAN sites.
Vulnerabilities description
- CVE-2020-16156
A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2020-16156
|
no information | 7.8 | no information |
Updated packages